Groovy Principal Id

Returns a username attribute value as the final result of a Groovy script’s execution. Groovy scripts, whether inlined or external, receive and have access to the following variable bindings:

  • id: The existing identifier for the authenticated principal.
  • attributes: A map of attributes currently resolved for the principal.
  • service: The service object that is matched by the registered service definition.
  • logger: A logger object, able to provide logger.info(...) operations, etc.

  • Embed the Groovy script directly inside the service configuration.

    {
      "@class" : "org.apereo.cas.services.CasRegisteredService",
      "serviceId" : "sample",
      "name" : "sample",
      "id" : 600,
      "description" : "sample",
      "usernameAttributeProvider" : {
        "@class" : "org.apereo.cas.services.GroovyRegisteredServiceUsernameProvider",
        "groovyScript" : "groovy { return attributes['uid'][0] + '123456789' }",
        "canonicalizationMode" : "UPPER"
      }
    }
    

    Note that the uid attribute in the above example is resolved internally as a multivalued attribute, as should all attributes when fetched by CAS. So the above example uses the [0] syntax to fetch the first value of the attribute.

  • Reference the Groovy script as an external resource outside the service configuration. The script must return a single String value.

    {
      "@class" : "org.apereo.cas.services.CasRegisteredService",
      "serviceId" : "sample",
      "name" : "sample",
      "id" : 600,
      "description" : "sample",
      "usernameAttributeProvider" : {
        "@class" : "org.apereo.cas.services.GroovyRegisteredServiceUsernameProvider",
        "groovyScript" : "file:///etc/cas/sampleService.groovy",
        "canonicalizationMode" : "UPPER"
      }
    }
    

    Sample Groovy script follows:

    logger.info("Choosing username attribute out of attributes $attributes")
    return "newPrincipalId"
    

    The configuration of this component qualifies to use the Spring Expression Language syntax.
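
A more defensive form of the external script, as an added example that is not part of the CAS documentation. It assumes the attribute names uid and mail (illustrative choices), takes the first non-blank value of whichever resolves, falls back to the existing id when neither does, and logs attribute names rather than values so that attribute contents do not end up in the log.

```groovy
// Added example, not from the CAS project. Relies only on the bindings
// listed above: id, attributes, logger. The attribute names 'uid' and
// 'mail' are assumptions chosen for illustration.

// Return the first non-blank value of an attribute, or null if absent.
def firstValue = { String name ->
    def raw = attributes?.get(name)
    // Attributes are resolved as multivalued; tolerate a bare value too.
    def values = (raw instanceof Collection) ? raw : (raw == null ? [] : [raw])
    def value = values.find { it != null && !it.toString().trim().isEmpty() }
    return value?.toString()?.trim()
}

// Preference order for the username attribute (assumed names).
def candidates = ['uid', 'mail']
def chosen = candidates.findResult { firstValue(it) }

if (chosen == null) {
    // attributes['uid'][0] would throw here; fall back to the existing id.
    logger.info("No value for ${candidates} on principal ${id}; keeping existing id")
    return id
}

// Log attribute names only, never the full attribute map.
logger.info("Chose username for principal ${id}; available attributes: ${attributes.keySet()}")
return chosen
```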